Title: Network Management: Concepts and Practice, a Hands-On Approach by J. Richard Burke Publisher: Prentic
1 Network Management Concepts and Practice, a Hands-On Approach by J. Richard Burke
Publisher Prentice Hall
Chapter 6 SNMP
2 Components of a TCP/IP-based Network Management System
Communication architecture
3 SNMP Packet
- The SNMPv1 Packet
  - Version: 0 for version 1
    - Both the management station and management agent must use the same version of SNMP; otherwise frames will be discarded
  - Community name
    - An SNMP password
    - Management stations and management agents must use community names that match; otherwise frames will be discarded
    - The SNMP community name is NOT encrypted
  - Protocol Data Unit (PDU)
    - Indicates SNMP operation and variable bindings
4 SNMP commands
- Get-Request (0): request one or more values from a management agent
- Get-Next-Request (1): request the value of the next lexicographically larger object identifier in a MIB tree given the present object identifier
  - If used repeatedly, it allows the management station to walk the entire MIB tree to get the values of all variables without specifying the object identifiers of any variables.
- Get-Response (2): a response from the management agent to the management station supplying the requested value(s)
- Set-Request (3): sets a value in the management agent MIB
- Trap (4): a message from a management agent to a management station that is initiated by an alarm/event pair on the management agent
  - To inform the management station of events that may require action by a network manager.
5 SNMP PDU Format
- GetRequest, GetNextRequest, GetResponse, and SetRequest PDUs
  - Request ID: an integer used to correlate requests and responses
  - Error Status
    - When the PDU is a request from the management station, the Error Status field has the value zero
    - In the Get-Response messages, it is used by the management agent to inform the management station that the PDU was either received correctly or that an exception occurred
6 SNMP PDU Error Status
- Error Status
  - 0 noError
  - 1 tooBig, a Too Big error is encountered most often when a GetNextRequest operation retrieves a large amount of data that cannot fit into a single SNMP message
  - 2 noSuchName, there is no such object with this name
  - 3 badValue, the incoming Set operation specified the incorrect syntax or value
  - 4 readOnly, a SetRequest operation tried to modify a variable that is not included in the SNMP community profile used for the operation
  - 5 genErr, an error that does not fit any of the four specific error types
7 SNMP PDU Error Index
- Error Index
  - In the Get-Response message, an integer, starting at one, that specifies the first variable in the VarBindList that caused an error
  - When the PDU is a request from the management station, the Error Index field has the value zero
8 SNMP PDU VarBindList
- VarBindList: a list of variable ID and variable value pairs
  - Variable ID contains the Object Identifier of the variable defined in the Structure of Management Information (SMI) specification
  - Variable Value contains the value of the variable
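The packet and PDU fields described in slides 3 to 8, decoded from raw bytes. This is an added example, not code from the book or the slides; the sample packet is constructed, and the function names are assumptions. It shows that the community name sits in the message as readable ASCII, so anyone who can capture the frame can read it.

```python
# Constructed SNMPv1 GetRequest for sysDescr.0, community "public", request ID 1.
SAMPLE = bytes.fromhex(
    "302602010004067075626c6963a019020101020100020100"
    "300e300c06082b060102010101000500")
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}   # context tag = 0xA0 + PDU number

def tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value_bytes, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """BER OID content octets -> dotted string (first arc 0 or 1, as under iso)."""
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmpv1(packet):
    _, msg, _ = tlv(packet, 0)         # outer SEQUENCE
    _, version, p = tlv(msg, 0)
    _, community, p = tlv(msg, p)      # OCTET STRING, sent unencrypted
    pdu_tag, pdu, _ = tlv(msg, p)
    if pdu_tag == 0xA4:
        raise ValueError("Trap PDU uses a different field layout")
    ints, p = [], 0
    for _ in range(3):                 # request ID, error status, error index
        _, v, p = tlv(pdu, p)
        ints.append(int.from_bytes(v, "big", signed=True))
    _, vbl, _ = tlv(pdu, p)
    varbinds, p = [], 0
    while p < len(vbl):                # each VarBind = SEQUENCE { OID, value }
        _, vb, p = tlv(vbl, p)
        _, oid, q = tlv(vb, 0)
        vtag, val, _ = tlv(vb, q)
        varbinds.append((decode_oid(oid), vtag, val))
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "request_id": ints[0],
            "error_status": ints[1], "error_index": ints[2], "varbinds": varbinds}
```

In the request the value slot of each variable binding is an ASN.1 NULL (tag 0x05), and Error Status and Error Index are both zero, as slides 5 and 7 state.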
9 Trap SNMP PDU Format
- Enterprise contains an object identifier, defined by an authorized vendor, for the device subsystem that created the trap message
- Agent Address is the IP address of the network device
- Generic Trap Number contains an integer representing one of seven traps defined in SNMP RFC 1157
- Specific Trap Number contains a code defined in a proprietary MIB
- Time Stamp contains the time in 1/100ths of a second since the agent on the device was initialized
- VarBindList may contain one or more variable bindings that are sent along with the trap message
10 SNMP PDU -- Trap
- Generic Trap Number
  - coldStart(0)
  - warmStart(1)
  - linkDown(2)
  - linkUp(3)
  - authenticationFailure(4)
  - egpNeighborLoss(5)
  - enterpriseSpecific(6)
11 Structure of Management Information (SMI) MIB
Hierarchical tree structure
12 Structure of Management Information (SMI) MIB
- The nodes are labeled except for the root
- Each label consists of a non-negative integer value and possibly a brief textual description
- Children nodes are termed subordinates or sub-identifiers
13 Structure of Management Information (SMI) MIB
- The root node has three subordinates
  - ccitt(0) -- administered by the International Telegraph and Telephone Consultative Committee (CCITT)
  - iso(1) -- administered by the International Organization for Standardization and International Electrotechnical Committee (ISO/IEC)
  - joint-iso-ccitt(2) -- jointly administered by ISO/IEC and CCITT
14 Structure of Management Information (SMI) MIB
- In the management framework, only the iso(1) subtree is of interest
- ISO/IEC has defined four subordinates
  - standard(0) -- has a subordinate assigned to each International Standard
  - registration-authority(1) -- reserved for use by OSI registration authorities
  - member-body(2) -- has a subordinate assigned to each member body of ISO/IEC
  - identified-organization(3) -- has a subordinate assigned to any organization that ISO/IEC wishes to favor
15 Structure of Management Information (SMI) MIB
MIB object
16 Structure of Management Information (SMI) MIB
- Object identifier
  - a sequence of non-negative integer values that traverse a tree
  - The most concise textual format for describing an OBJECT IDENTIFIER, e.g., 1.0.8751.5.1
17 Structure of Management Information (SMI) MIB
MIB Table
18 MIB Table
- ipRouteTable
- 1.3.6.1.2.1.4.21
19 SNMP Command and Arguments
Identifying an object instance
- The instance of a simple object is indicated by appending .0
  - Example: GetRequest (sysDescr.0)
- An instance in a table is identified by appending the index instance(s) for the desired row
  - Example: GetRequest (ipRouteNextHop.10.3.4.5)
- Only cells in a table are accessible
  - A table and a row of a table are not accessible
20 SNMP Command and Arguments
- GetNextRequest: retrieve the next object in lexicographical order
  - sysDescr.0 is the next object after the invalid sysDescr object
    - sysDescr 1.3.6.1.2.1.1.1 (invalid instance)
    - sysDescr.0 1.3.6.1.2.1.1.1.0
    - sysObjectID 1.3.6.1.2.1.1.2 (invalid instance)
    - sysObjectID.0 1.3.6.1.2.1.1.2.0
- Consider the command
  - GetNextRequest(sysDescr, sysObjectID, sysUpTime)
- The GetResponse to this command should be
  - GetResponse(sysDescr.0 = value, sysObjectID.0 = value, sysUpTime.0 = value)
- GetNextRequest can be used to obtain all values in a MIB in lexicographical order
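The GetNextRequest ordering rule from slide 20, modelled on a toy agent. This is an added example, not code from the book or the slides; the MIB contents are constructed and the names `oid`, `get_next` and `walk` are assumptions. It shows why any holder of a valid read community can enumerate every instance in its view without knowing a single OID in advance, and why OIDs must be compared arc by arc as integers (subtree 4 comes before subtree 11, which a string comparison gets wrong).

```python
from bisect import bisect_right

def oid(text):
    """Dotted OID string -> tuple of ints; tuples compare arc by arc."""
    return tuple(int(arc) for arc in text.split("."))

# Constructed agent contents: only instances (leaf cells) hold values.
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "Constructed router, example OS",  # sysDescr.0
    oid("1.3.6.1.2.1.1.2.0"): "1.3.6.1.4.1.99999.1",             # sysObjectID.0
    oid("1.3.6.1.2.1.1.3.0"): 123456,                            # sysUpTime.0
    oid("1.3.6.1.2.1.1.4.0"): "noc@example.test",                # sysContact.0
    oid("1.3.6.1.2.1.4.21.1.7.10.3.4.5"): "10.3.4.1",   # ipRouteNextHop.10.3.4.5
    oid("1.3.6.1.2.1.11.1.0"): 42,                               # snmpInPkts.0
}
ORDER = sorted(MIB)   # lexicographic order over integer arcs

def get_next(requested):
    """(oid, value) of the first instance strictly after `requested`, else None.

    `requested` need not be a valid instance: sysDescr (no .0) is a prefix of
    sysDescr.0 and therefore sorts immediately before it.
    """
    i = bisect_right(ORDER, requested)
    return (ORDER[i], MIB[ORDER[i]]) if i < len(ORDER) else None

def walk(start):
    """Repeat GetNext from `start` until the reply leaves that subtree or the MIB ends."""
    out, cur = [], start
    while (hit := get_next(cur)) and hit[0][:len(start)] == start:
        out.append(hit)
        cur = hit[0]
    return out

if __name__ == "__main__":
    for found, value in walk(oid("1.3")):
        print(".".join(map(str, found)), "=", value)
```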
21 SNMP Command and Arguments
- SetRequest: used to write the value of an object
- Consider the command
  - SetRequest(sysContact.0 = name)
- The response to this command would be
  - GetResponse(sysContact.0 = name)
22 Security
- A management station usually manages many objects
- An object may be managed by several management stations
- Each managed device must be able to control the use of its MIB by a number of distinct management stations
- There are two aspects in this control
  - Authentication service: authentication of manager
  - Access policy: different privileges to different managers
23 Authentication
- SNMP provides for only a trivial scheme for authentication
- Every message from a management station includes a community name
  - It functions as a password
- With this limited form of authentication, many network managers will be reluctant to allow anything other than network monitoring (get and trap)
24 Communities
- An SNMP community is a relationship between an SNMP agent and a set of SNMP managers that defines authentication and access control characteristics
- The community concept is a local one defined at the managed device
- The managed device establishes one community for each desired combination of authentication and access control characteristics
25 Community Names
- Each community is given a unique (within this agent) community name
- The same name may be used by different managed devices with different meanings
- The management stations are provided with and must employ the community name in all get and set operations
- If the community name does not match, the message will be discarded
- A management station must keep track of the community name(s) associated with each of the managed devices that it wishes to access
26 MIB view, access mode, and community profile
- SNMP MIB view: a subset of the objects within a MIB
  - Different MIB views may be defined for each community
  - The set of objects in a MIB view need not belong to a single subtree of the MIB
- SNMP access mode of a community name: an element of the set {READ-ONLY, READ-WRITE}
  - An access mode is defined for each community
- The combination of a MIB view and an access mode is called a community profile
SNMP community profile = MIB view + SNMP access mode
27 SNMP Community Profile
SNMP community profile = MIB view + SNMP access mode
28 SNMP Community Profile
SNMP community profile = MIB view + SNMP access mode
29 SNMP Access Policy
- A pairing of an SNMP community with an SNMP community profile is called an SNMP access policy
- Thus, an SNMP access policy is the combination of an SNMP community, a MIB view, and an access mode
SNMP access policy = SNMP community + SNMP community profile
30 SNMP Access Policy
31 MIB Access
- Each MIB object has its own ACCESS clause
  - Not-accessible
  - Read-only
  - Write-only
  - Read-write
32 Resolution of SNMP Access Mode and MIB Access
Use the more restricted access level
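The access-policy checks from slides 24 to 32 chained into one decision, as an agent would apply them to an incoming get or set. This is an added example, not code from the book or the slides; the community names, the `Policy` class, `decide` and its "discard"/"deny"/"allow" results are assumptions, and the sample policies are constructed. Write-only objects are left out because their handling is implementation-specific.

```python
from dataclasses import dataclass

# Rank used to pick "the more restricted access level": lower = fewer rights.
RANK = {"not-accessible": 0, "read-only": 1, "read-write": 2}
MODE = {"READ-ONLY": "read-only", "READ-WRITE": "read-write"}

@dataclass(frozen=True)
class Policy:            # access policy = community + community profile
    community: str       # community name, unique within this agent
    view: tuple          # MIB view: OID prefixes, need not be a single subtree
    mode: str            # SNMP access mode: "READ-ONLY" or "READ-WRITE"

# Constructed agent configuration.
POLICIES = [
    Policy("monitor-ro", ("1.3.6.1.2.1.1",), "READ-ONLY"),
    Policy("ops-rw", ("1.3.6.1.2.1.1", "1.3.6.1.2.1.4.21"), "READ-WRITE"),
]
# ACCESS clause of each object, keyed by instance OID.
MIB_ACCESS = {
    "1.3.6.1.2.1.1.1.0": "read-only",               # sysDescr.0
    "1.3.6.1.2.1.1.4.0": "read-write",              # sysContact.0
    "1.3.6.1.2.1.4.21.1.7.10.3.4.5": "read-write",  # ipRouteNextHop.10.3.4.5
}

def in_view(policy, oid):
    """True if oid equals a view prefix or lies beneath it (whole-arc match)."""
    return any(oid == p or oid.startswith(p + ".") for p in policy.view)

def decide(community, op, oid, policies=POLICIES, mib_access=MIB_ACCESS):
    """Return 'discard', 'deny' or 'allow' for op in {'get', 'set'}."""
    policy = next((p for p in policies if p.community == community), None)
    if policy is None:
        return "discard"             # community name does not match: drop message
    if not in_view(policy, oid) or oid not in mib_access:
        return "deny"                # object is outside this community's MIB view
    # Resolve access mode against the ACCESS clause: the more restricted wins.
    effective = min(MODE[policy.mode], mib_access[oid], key=RANK.get)
    needed = "read-write" if op == "set" else "read-only"
    return "allow" if RANK[effective] >= RANK[needed] else "deny"
```

A READ-WRITE community still cannot set sysDescr.0, and a READ-ONLY community cannot set sysContact.0 even though the object itself is read-write.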